vcl/source/fontsubset/sft.cxx | 7 ++++++-
vcl/source/fontsubset/ttcr.cxx | 6 +++++-
2 files changed, 11 insertions(+), 2 deletions(-)
New commits:
commit 8906788e25296f3875682bad374e6845f4bb20e2
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Sat Feb 26 21:40:20 2022 +0000
Commit: Caolán McNamara <caol...@redhat.com>
CommitDate: Fri Mar 4 12:47:49 2022 +0100
ofz#45073 don't dereference null pointer on bogus font
Change-Id: I28616696833b87c300d2ee7061a15921042934b9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130613
Tested-by: Caolán McNamara <caol...@redhat.com>
Reviewed-by: Caolán McNamara <caol...@redhat.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130936
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
Tested-by: Jenkins
diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 6c515dabdee7..98b758064943 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -2245,8 +2245,13 @@ void GetTTGlobalFontInfo(TrueTypeFont *ttf,
TTGlobalFontInfo *info)
GlyphData *GetTTRawGlyphData(AbstractTrueTypeFont *ttf, sal_uInt32 glyphID)
{
+ sal_uInt32 hmtxlength;
+ const sal_uInt8* hmtx = ttf->table(O_hmtx, hmtxlength);
+
+ if (!hmtxlength)
+ return nullptr;
+
sal_uInt32 length;
- const sal_uInt8* hmtx = ttf->table(O_hmtx, length);
const sal_uInt8* glyf = ttf->table(O_glyf, length);
int n;
diff --git a/vcl/source/fontsubset/ttcr.cxx b/vcl/source/fontsubset/ttcr.cxx
index 86dc02206e92..40729ffd101d 100644
--- a/vcl/source/fontsubset/ttcr.cxx
+++ b/vcl/source/fontsubset/ttcr.cxx
@@ -1250,7 +1250,11 @@ static void ProcessTables(TrueTypeCreator *tt)
glyf = FindTable(tt, T_glyf);
glyphlist = static_cast<list>(glyf->data);
nGlyphs = listCount(glyphlist);
- assert(nGlyphs != 0);
+ if (!nGlyphs)
+ {
+ SAL_WARN("vcl.fonts", "no glyphs found in ProcessTables");
+ return;
+ }
gid = static_cast<sal_uInt32*>(scalloc(nGlyphs, sizeof(sal_uInt32)));
RemoveTable(tt, T_loca);
